[git] GCRYPT - branch, ECC-INTEGRATION-1-5, updated. libgcrypt-1.4.4-61-g7cb0d35
by Werner Koch
cvs at cvs.gnupg.org
Mon Jan 31 16:02:43 CET 2011
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, ECC-INTEGRATION-1-5 has been updated
via 7cb0d357f1564b2ba3fdde707bd9ee7272059d5b (commit)
via 0b1d70dcd6b81b1bc10f574e1b34ac7723e245a2 (commit)
via 1517b088d3b0602990dba0002ea16221387ad30f (commit)
via 55563efccdafc8fb470cab0cae6d186147cc09b6 (commit)
via f4786ac5fe01ba111eee27d1a1e9f3d40a9fac02 (commit)
via 2089236f5713118e8adbaf8482730e3f2c556c1a (commit)
via 3bbd874e677c5330b93591c3ae38f9e9372ebcd5 (commit)
from def2727f8bee594b2b51863391296468813c604b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 7cb0d357f1564b2ba3fdde707bd9ee7272059d5b
Author: Werner Koch <wk at gnupg.org>
Date: Mon Jan 31 15:35:08 2011 +0100
Changed ecdh parameter names and fixed MPI allocation.
diff --git a/NEWS b/NEWS
index 0724009..48b2e06 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,8 @@ Noteworthy changes in version 1.5.x (unreleased)
* Support ECDH.
+ * gcry_sexp_build does now support opaque MPIs with "%m".
+
* Interface changes relative to the 1.4.2 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GCRY_CIPHER_MODE_AESWRAP NEW.
diff --git a/cipher/ChangeLog b/cipher/ChangeLog
index 36773ab..0f33f7a 100644
--- a/cipher/ChangeLog
+++ b/cipher/ChangeLog
@@ -1,3 +1,10 @@
+2011-01-31 Werner Koch <wk at g10code.com>
+
+ * ecc.c (ecc_encrypt_raw, ecc_decrypt_raw): Do not free passed
+ parameters.
+ (ecc_sk_free, ecc_pk_free): Remove.
+ (test_keys): Replace ecc_pk_free by point_free and curve_free.
+
2011-01-28 Werner Koch <wk at g10code.com>
* pubkey.c (gcry_pk_genkey): Hack to insert the used curve name.
diff --git a/cipher/ecc.c b/cipher/ecc.c
index 4561749..8b60895 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -351,29 +351,6 @@ curve_free (elliptic_curve_t *E)
/*
- * Release a PK object.
- */
-static void
-ecc_pk_free (ECC_public_key *pk)
-{
- point_free (&pk->Q);
- curve_free (&pk->E);
-}
-
-
-/*
- * Release a SK object.
- */
-static void
-ecc_sk_free (ECC_secret_key *sk)
-{
- point_free (&sk->Q);
- curve_free (&sk->E);
- mpi_free (sk->d); sk->d = NULL;
-}
-
-
-/*
* Return a copy of a curve object.
*/
static elliptic_curve_t
@@ -447,7 +424,8 @@ gen_k (gcry_mpi_t p, int security_level)
nbits = mpi_get_nbits (p);
k = mpi_snew (nbits);
if (DBG_CIPHER)
- log_debug ("choosing a random k of %u bits\n", nbits);
+ log_debug ("choosing a random k of %u bits at seclevel %d\n",
+ nbits, security_level);
gcry_mpi_randomize (k, nbits, security_level);
@@ -562,9 +540,6 @@ generate_key (ECC_secret_key *sk, unsigned int nbits, const char *name,
}
random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM;
- if (DBG_CIPHER)
- log_debug ("choosing a random x of size %u%s\n", nbits,
- transient_key? " (transient-key)":"");
d = gen_k (E.n, random_level);
/* Compute Q. */
@@ -648,7 +623,8 @@ test_keys (ECC_secret_key *sk, unsigned int nbits)
if (DBG_CIPHER)
log_debug ("ECDSA operation: sign, verify ok.\n");
- ecc_pk_free (&pk);
+ point_free (&pk.Q);
+ curve_free (&pk.E);
point_free (&R_);
mpi_free (s);
@@ -1368,7 +1344,8 @@ ecc_encrypt_raw (int algo, gcry_mpi_t *resarr, gcry_mpi_t k,
}
_gcry_mpi_ec_free (ctx);
- ecc_pk_free (&pk);
+ point_free (&pk.E.G);
+ point_free (&pk.Q);
if (!result[0] || !result[1])
{
@@ -1469,7 +1446,9 @@ ecc_decrypt_raw (int algo, gcry_mpi_t *result, gcry_mpi_t *data,
point_free (&R);
_gcry_mpi_ec_free (ctx);
- ecc_sk_free (&sk) ;
+ point_free (&kG);
+ point_free (&sk.E.G);
+ point_free (&sk.Q);
if (!r)
return GPG_ERR_ENOMEM;
@@ -1678,7 +1657,7 @@ gcry_pk_spec_t _gcry_pubkey_spec_ecdsa =
gcry_pk_spec_t _gcry_pubkey_spec_ecdh =
{
"ECDH", ecdh_names,
- "pabgnq", "pabgnqd", "rs", "", "pabgnq",
+ "pabgnq", "pabgnqd", "se", "", "pabgnq",
GCRY_PK_USAGE_ENCR,
ecc_generate,
ecc_check_secret_key,
diff --git a/cipher/pubkey.c b/cipher/pubkey.c
index d540866..b2de4e6 100644
--- a/cipher/pubkey.c
+++ b/cipher/pubkey.c
@@ -2274,7 +2274,6 @@ gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms)
while (nelem < DIM (mpis))
mpis[nelem++] = NULL;
- log_debug ("-->%s<-- %d\n", string, percent_s_idx);
{
int elem_n = strlen (pub_elems) + strlen (sec_elems);
void **arg_list;
diff --git a/src/ChangeLog b/src/ChangeLog
index fe267b0..f2fbb32 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,7 @@
+2011-01-31 Werner Koch <wk at g10code.com>
+
+ * sexp.c (vsexp_sscan): Allow opaque MPIs in "%m".
+
2010-08-27 Werner Koch <wk at g10code.com>
* g10lib.h (HWF_INTEL_AES): New.
diff --git a/src/sexp.c b/src/sexp.c
index d4f238b..a64ad42 100644
--- a/src/sexp.c
+++ b/src/sexp.c
@@ -1257,36 +1257,76 @@ vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
ARG_NEXT (m, gcry_mpi_t);
- if (gcry_mpi_print (GCRYMPI_FMT_STD, NULL, 0, &nm, m))
- BUG ();
+ if (gcry_mpi_get_flag (m, GCRYMPI_FLAG_OPAQUE))
+ {
+ void *mp;
+ unsigned int nbits;
- MAKE_SPACE (nm);
- if (!gcry_is_secure (c.sexp->d)
- && gcry_mpi_get_flag ( m, GCRYMPI_FLAG_SECURE))
- {
- /* We have to switch to secure allocation. */
- gcry_sexp_t newsexp;
- byte *newhead;
+ mp = gcry_mpi_get_opaque (m, &nbits);
+ nm = (nbits+7)/8;
+ if (mp && nm)
+ {
+ MAKE_SPACE (nm);
+ if (!gcry_is_secure (c.sexp->d)
+ && gcry_mpi_get_flag (m, GCRYMPI_FLAG_SECURE))
+ {
+ /* We have to switch to secure allocation. */
+ gcry_sexp_t newsexp;
+ byte *newhead;
+
+ newsexp = gcry_malloc_secure (sizeof *newsexp
+ + c.allocated - 1);
+ if (!newsexp)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+ newhead = newsexp->d;
+ memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d));
+ c.pos = newhead + (c.pos - c.sexp->d);
+ gcry_free (c.sexp);
+ c.sexp = newsexp;
+ }
+
+ *c.pos++ = ST_DATA;
+ STORE_LEN (c.pos, nm);
+ memcpy (c.pos, mp, nm);
+ c.pos += nm;
+ }
+ }
+ else
+ {
+ if (gcry_mpi_print (GCRYMPI_FMT_STD, NULL, 0, &nm, m))
+ BUG ();
- newsexp = gcry_malloc_secure (sizeof *newsexp
- + c.allocated - 1);
- if (!newsexp)
+ MAKE_SPACE (nm);
+ if (!gcry_is_secure (c.sexp->d)
+ && gcry_mpi_get_flag ( m, GCRYMPI_FLAG_SECURE))
{
- err = gpg_err_code_from_errno (errno);
- goto leave;
+ /* We have to switch to secure allocation. */
+ gcry_sexp_t newsexp;
+ byte *newhead;
+
+ newsexp = gcry_malloc_secure (sizeof *newsexp
+ + c.allocated - 1);
+ if (!newsexp)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+ newhead = newsexp->d;
+ memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d));
+ c.pos = newhead + (c.pos - c.sexp->d);
+ gcry_free (c.sexp);
+ c.sexp = newsexp;
}
- newhead = newsexp->d;
- memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d));
- c.pos = newhead + (c.pos - c.sexp->d);
- gcry_free (c.sexp);
- c.sexp = newsexp;
- }
- *c.pos++ = ST_DATA;
- STORE_LEN (c.pos, nm);
- if (gcry_mpi_print (GCRYMPI_FMT_STD, c.pos, nm, &nm, m))
- BUG ();
- c.pos += nm;
+ *c.pos++ = ST_DATA;
+ STORE_LEN (c.pos, nm);
+ if (gcry_mpi_print (GCRYMPI_FMT_STD, c.pos, nm, &nm, m))
+ BUG ();
+ c.pos += nm;
+ }
}
else if (*p == 's')
{
commit 0b1d70dcd6b81b1bc10f574e1b34ac7723e245a2
Author: Werner Koch <wk at gnupg.org>
Date: Mon Jan 31 09:29:20 2011 +0100
Return used curve name with ECC key generation
diff --git a/cipher/ChangeLog b/cipher/ChangeLog
index 64ddb13..36773ab 100644
--- a/cipher/ChangeLog
+++ b/cipher/ChangeLog
@@ -1,3 +1,7 @@
+2011-01-28 Werner Koch <wk at g10code.com>
+
+ * pubkey.c (gcry_pk_genkey): Hack to insert the used curve name.
+
2011-01-27 Werner Koch <wk at g10code.com>
* ecc.c (fill_in_curve): Remove.
@@ -22,6 +26,10 @@
readability. Use ECC_public_key instead of ECC_secret_key.
Require a caller to pass a complete pkey array.
(ecc_decrypt_raw): Require a caller to pass a complete skey array.
+ (elliptic_curve_t): Add field NAME.
+ (fill_in_curve): Set field.
+ (generate_key): Add arg R_USED_CURVE.
+ (ecc_generate_ext): Return used curve name.
2011-01-26 Werner Koch <wk at g10code.com>
diff --git a/cipher/ecc.c b/cipher/ecc.c
index ae55f8c..4561749 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -68,6 +68,7 @@ typedef struct
gcry_mpi_t b; /* Second coefficient of the Weierstrass equation. */
mpi_point_t G; /* Base point (generator). */
gcry_mpi_t n; /* Order of G. */
+ const char *name; /* Name of curve or NULL. */
} elliptic_curve_t;
@@ -465,13 +466,17 @@ fill_in_curve (unsigned int nbits, const char *name,
elliptic_curve_t *curve, unsigned int *r_nbits)
{
int idx, aliasno;
+ const char *resname = NULL; /* Set to a found curve name. */
if (name)
{
- /* First check nor native curves. */
+ /* First check our native curves. */
for (idx = 0; domain_parms[idx].desc; idx++)
if (!strcmp (name, domain_parms[idx].desc))
- break;
+ {
+ resname = domain_parms[idx].desc;
+ break;
+ }
/* If not found consult the alias table. */
if (!domain_parms[idx].desc)
{
@@ -483,7 +488,10 @@ fill_in_curve (unsigned int nbits, const char *name,
for (idx = 0; domain_parms[idx].desc; idx++)
if (!strcmp (curve_aliases[aliasno].name,
domain_parms[idx].desc))
- break;
+ {
+ resname = domain_parms[idx].desc;
+ break;
+ }
}
}
}
@@ -510,6 +518,7 @@ fill_in_curve (unsigned int nbits, const char *name,
curve->G.x = scanval (domain_parms[idx].g_x);
curve->G.y = scanval (domain_parms[idx].g_y);
curve->G.z = mpi_alloc_set_ui (1);
+ curve->name = resname;
return 0;
}
@@ -523,7 +532,8 @@ static gpg_err_code_t
generate_key (ECC_secret_key *sk, unsigned int nbits, const char *name,
int transient_key,
gcry_mpi_t g_x, gcry_mpi_t g_y,
- gcry_mpi_t q_x, gcry_mpi_t q_y)
+ gcry_mpi_t q_x, gcry_mpi_t q_y,
+ const char **r_usedcurve)
{
gpg_err_code_t err;
elliptic_curve_t E;
@@ -532,6 +542,8 @@ generate_key (ECC_secret_key *sk, unsigned int nbits, const char *name,
mpi_ec_t ctx;
gcry_random_level_t random_level;
+ *r_usedcurve = NULL;
+
err = fill_in_curve (nbits, name, &E, &nbits);
if (err)
return err;
@@ -544,7 +556,9 @@ generate_key (ECC_secret_key *sk, unsigned int nbits, const char *name,
log_mpidump ("ecgen curve n", E.n);
log_mpidump ("ecgen curve Gx", E.G.x);
log_mpidump ("ecgen curve Gy", E.G.y);
- log_mpidump ("ecgen cyrve Gz", E.G.z);
+ log_mpidump ("ecgen curve Gz", E.G.z);
+ if (E.name)
+ log_debug ("ecgen curve used: %s\n", E.name);
}
random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM;
@@ -584,6 +598,8 @@ generate_key (ECC_secret_key *sk, unsigned int nbits, const char *name,
point_free (&Q);
mpi_free (d);
+
+ *r_usedcurve = E.name;
curve_free (&E);
/* Now we can test our keys (this should never fail!). */
@@ -992,10 +1008,10 @@ ecc_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
char *curve_name = NULL;
gcry_sexp_t l1;
int transient_key = 0;
+ const char *usedcurve = NULL;
(void)algo;
(void)evalue;
- (void)r_extrainfo;
if (genparms)
{
@@ -1026,10 +1042,13 @@ ecc_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
g_y = mpi_new (0);
q_x = mpi_new (0);
q_y = mpi_new (0);
- ec = generate_key (&sk, nbits, curve_name, transient_key, g_x, g_y, q_x, q_y);
+ ec = generate_key (&sk, nbits, curve_name, transient_key, g_x, g_y, q_x, q_y,
+ &usedcurve);
gcry_free (curve_name);
if (ec)
return ec;
+ if (usedcurve) /* Fixme: No error return checking. */
+ gcry_sexp_build (r_extrainfo, NULL, "(curve %s)", usedcurve);
skey[0] = sk.E.p;
skey[1] = sk.E.a;
@@ -1050,7 +1069,7 @@ ecc_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
/* Make an empty list of factors. */
*retfactors = gcry_calloc ( 1, sizeof **retfactors );
if (!*retfactors)
- return gpg_err_code_from_syserror ();
+ return gpg_err_code_from_syserror (); /* Fixme: relase mem? */
if (DBG_CIPHER)
{
@@ -1659,7 +1678,7 @@ gcry_pk_spec_t _gcry_pubkey_spec_ecdsa =
gcry_pk_spec_t _gcry_pubkey_spec_ecdh =
{
"ECDH", ecdh_names,
- "pabgnq", "pabgnqd", "", "rs", "pabgnq",
+ "pabgnq", "pabgnqd", "rs", "", "pabgnq",
GCRY_PK_USAGE_ENCR,
ecc_generate,
ecc_check_secret_key,
diff --git a/cipher/pubkey.c b/cipher/pubkey.c
index 2861d29..d540866 100644
--- a/cipher/pubkey.c
+++ b/cipher/pubkey.c
@@ -2078,7 +2078,7 @@ gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms)
char *name = NULL;
size_t n;
gcry_err_code_t rc = GPG_ERR_NO_ERROR;
- int i;
+ int i, j;
const char *algo_name = NULL;
int algo;
const char *sec_elems = NULL, *pub_elems = NULL;
@@ -2196,6 +2196,7 @@ gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms)
char *string, *p;
size_t nelem=0, nelem_cp = 0, needed=0;
gcry_mpi_t mpis[30];
+ int percent_s_idx = -1;
/* Estimate size of format string. */
nelem = strlen (pub_elems) + strlen (sec_elems);
@@ -2230,6 +2231,13 @@ gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms)
p = stpcpy (p, "%m)");
mpis[nelem++] = skey[i];
}
+ if (extrainfo && (algo == GCRY_PK_ECDSA || algo == GCRY_PK_ECDH))
+ {
+ /* Very ugly hack to insert the used curve parameter into the
+ list of public key parameters. */
+ percent_s_idx = nelem;
+ p = stpcpy (p, "%S");
+ }
p = stpcpy (p, "))");
p = stpcpy (p, "(private-key(");
p = stpcpy (p, algo_name);
@@ -2245,7 +2253,7 @@ gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms)
/* Hack to make release_mpi_array() work. */
skey[i] = NULL;
- if (extrainfo)
+ if (extrainfo && percent_s_idx == -1)
{
/* If we have extrainfo we should not have any factors. */
p = stpcpy (p, "%S");
@@ -2266,6 +2274,7 @@ gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms)
while (nelem < DIM (mpis))
mpis[nelem++] = NULL;
+ log_debug ("-->%s<-- %d\n", string, percent_s_idx);
{
int elem_n = strlen (pub_elems) + strlen (sec_elems);
void **arg_list;
@@ -2277,16 +2286,19 @@ gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms)
rc = gpg_err_code_from_errno (errno);
goto leave;
}
- for (i = 0; i < elem_n; i++)
- arg_list[i] = mpis + i;
- if (extrainfo)
- arg_list[i] = &extrainfo;
+ for (i = j = 0; i < elem_n; i++)
+ {
+ if (i == percent_s_idx)
+ arg_list[j++] = &extrainfo;
+ arg_list[j++] = mpis + i;
+ }
+ if (extrainfo && percent_s_idx == -1)
+ arg_list[j] = &extrainfo;
else if (factors && factors[0])
{
for (; i < nelem_cp; i++)
- arg_list[i] = factors + i - elem_n;
+ arg_list[j++] = factors + i - elem_n;
}
-
rc = gcry_sexp_build_array (r_key, NULL, string, arg_list);
gcry_free (arg_list);
if (rc)
commit 1517b088d3b0602990dba0002ea16221387ad30f
Author: Werner Koch <wk at gnupg.org>
Date: Thu Jan 27 11:32:58 2011 +0100
Reverted the API to the old one.
Storing thy curve name into an MPI and dropping all the other
parameters breaks the ABI. Further it as not anymore possible to
specify arbitrary curves. Thus I had to revert it to the old ABI.
Another advantage is that the required ECDH changes are now minimal.
The disadvantage is that we need to adjust the GnuPG code and do the
curve selection and translation to DER encoded OIDs itself.
diff --git a/cipher/ChangeLog b/cipher/ChangeLog
index f38c818..64ddb13 100644
--- a/cipher/ChangeLog
+++ b/cipher/ChangeLog
@@ -1,3 +1,28 @@
+2011-01-27 Werner Koch <wk at g10code.com>
+
+ * ecc.c (fill_in_curve): Remove.
+ (MAX_ECC_OID_LEN): Remove.
+ (elliptic_curve_t, ecc_domain_parms_t): Remove field NAME_OID.
+ (curve_oid_NISTP256, curve_oid_NISTP384, curve_oid_NISTP521):
+ Remove.
+ (generate_curve): Rename to ..
+ (fill_in_curve): this. Remove setting of NAME_OID.
+ (ecc_generate_ext): Remove kek-params code.
+ (generate_key): Remove name oid stuff.
+ (name_oid_to_mpi): Remove.
+ (mpi_to_name_oid): Remove.
+ (ecc_generate_ext): Revert to pre-ECDH integration state.
+ (ecc_check_secret_key): Ditto.
+ (ecc_sign): Ditto.
+ (ecc_verify): Ditto.
+ (ecc_get_nbits): Revert.
+ (_gcry_pubkey_spec_ecdsa): Revert list or parameters.
+ (_gcry_pubkey_spec_ecdh): Use same parameter list as for ECDSA.
+ (ecc_encrypt_raw): Change name of arg DATA to K for better
+ readability. Use ECC_public_key instead of ECC_secret_key.
+ Require a caller to pass a complete pkey array.
+ (ecc_decrypt_raw): Require a caller to pass a complete skey array.
+
2011-01-26 Werner Koch <wk at g10code.com>
* pubkey.c (sexp_to_key): Revert to pre-ECDH integration state.
diff --git a/cipher/ecc.c b/cipher/ecc.c
index 9ec4bb6..ae55f8c 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -33,20 +33,21 @@
up. In fact there is not much left of the orginally code except for
some variable names and the text book implementaion of the sign and
verification algorithms. The arithmetic functions have entirely
- been rewritten and moved to mpi/ec.c. */
+ been rewritten and moved to mpi/ec.c.
+
+ ECDH encrypt and decrypt code written by Andrey Jivsov,
+*/
/* TODO:
- - If we support point compression we need to decide how to compute
- the keygrip - it should not change due to compression.
+ - If we support point compression we need to uncompress before
+ computing the keygrip
- In mpi/ec.c we use mpi_powm for x^2 mod p: Either implement a
special case in mpi_powm or check whether mpi_mulm is faster.
- Decide whether we should hide the mpi_point_t definition.
-
- - Support more than just ECDSA.
*/
@@ -58,10 +59,6 @@
#include "g10lib.h"
#include "mpi.h"
#include "cipher.h"
-#include <assert.h>
-
-/* The maximum length of our DER encoded OID. */
-#define MAX_ECC_OID_LEN 16
/* Definition of a curve. */
typedef struct
@@ -71,10 +68,6 @@ typedef struct
gcry_mpi_t b; /* Second coefficient of the Weierstrass equation. */
mpi_point_t G; /* Base point (generator). */
gcry_mpi_t n; /* Order of G. */
-
- /* One byte length, followed by DER representation of curve OID:
- * N byte OID is encoded as N+1 bytes as follows: N x0 x1 ... xN. */
- byte name_oid[MAX_ECC_OID_LEN];
} elliptic_curve_t;
@@ -127,18 +120,10 @@ static const struct
{ NULL, NULL}
};
-static const byte curve_oid_NISTP256[] =
- { 8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 };
-static const byte curve_oid_NISTP384[] =
- { 5, 0x2B, 0x81, 0x04, 0x00, 0x22 };
-static const byte curve_oid_NISTP521[] =
- { 5, 0x2B, 0x81, 0x04, 0x00, 0x23 };
-
typedef struct {
const char *desc; /* Description of the curve. */
unsigned int nbits; /* Number of bits. */
unsigned int fips:1; /* True if this is a FIPS140-2 approved curve. */
- const byte *name_oid; /* points to LEN + curve DER OID, optional */
const char *p; /* Order of the prime field. */
const char *a, *b; /* The coefficients. */
const char *n; /* The order of the base point. */
@@ -149,7 +134,7 @@ typedef struct {
static const ecc_domain_parms_t domain_parms[] =
{
{
- "NIST P-192", 192, 1, NULL,
+ "NIST P-192", 192, 1,
"0xfffffffffffffffffffffffffffffffeffffffffffffffff",
"0xfffffffffffffffffffffffffffffffefffffffffffffffc",
"0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1",
@@ -159,7 +144,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811"
},
{
- "NIST P-224", 224, 1, NULL,
+ "NIST P-224", 224, 1,
"0xffffffffffffffffffffffffffffffff000000000000000000000001",
"0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe",
"0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4",
@@ -169,7 +154,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34"
},
{
- "NIST P-256", 256, 1, curve_oid_NISTP256,
+ "NIST P-256", 256, 1,
"0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
"0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
"0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
@@ -179,7 +164,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"
},
{
- "NIST P-384", 384, 1, curve_oid_NISTP384,
+ "NIST P-384", 384, 1,
"0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe"
"ffffffff0000000000000000ffffffff",
"0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe"
@@ -195,7 +180,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0a60b1ce1d7e819d7a431d7c90ea0e5f"
},
{
- "NIST P-521", 521, 1, curve_oid_NISTP521,
+ "NIST P-521", 521, 1,
"0x01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
"0x01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
@@ -211,7 +196,7 @@ static const ecc_domain_parms_t domain_parms[] =
"62c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650"
},
- { "brainpoolP160r1", 160, 0, NULL,
+ { "brainpoolP160r1", 160, 0,
"0xe95e4a5f737059dc60dfc7ad95b3d8139515620f",
"0x340e7be2a280eb74e2be61bada745d97e8f7c300",
"0x1e589a8595423412134faa2dbdec95c8d8675e58",
@@ -220,7 +205,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0x1667cb477a1a8ec338f94741669c976316da6321"
},
- { "brainpoolP192r1", 192, 0, NULL,
+ { "brainpoolP192r1", 192, 0,
"0xc302f41d932a36cda7a3463093d18db78fce476de1a86297",
"0x6a91174076b1e0e19c39c031fe8685c1cae040e5c69a28ef",
"0x469a28ef7c28cca3dc721d044f4496bcca7ef4146fbf25c9",
@@ -229,7 +214,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0x14b690866abd5bb88b5f4828c1490002e6773fa2fa299b8f"
},
- { "brainpoolP224r1", 224, 0, NULL,
+ { "brainpoolP224r1", 224, 0,
"0xd7c134aa264366862a18302575d1d787b09f075797da89f57ec8c0ff",
"0x68a5e62ca9ce6c1c299803a6c1530b514e182ad8b0042a59cad29f43",
"0x2580f63ccfe44138870713b1a92369e33e2135d266dbb372386c400b",
@@ -238,7 +223,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0x58aa56f772c0726f24c6b89e4ecdac24354b9e99caa3f6d3761402cd"
},
- { "brainpoolP256r1", 256, 0, NULL,
+ { "brainpoolP256r1", 256, 0,
"0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377",
"0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9",
"0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6",
@@ -247,7 +232,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997"
},
- { "brainpoolP320r1", 320, 0, NULL,
+ { "brainpoolP320r1", 320, 0,
"0xd35e472036bc4fb7e13c785ed201e065f98fcfa6f6f40def4f92b9ec7893ec28"
"fcd412b1f1b32e27",
"0x3ee30b568fbab0f883ccebd46d3f3bb8a2a73513f5eb79da66190eb085ffa9f4"
@@ -262,7 +247,7 @@ static const ecc_domain_parms_t domain_parms[] =
"d35245d1692e8ee1"
},
- { "brainpoolP384r1", 384, 0, NULL,
+ { "brainpoolP384r1", 384, 0,
"0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123"
"acd3a729901d1a71874700133107ec53",
"0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f"
@@ -277,7 +262,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0e4646217791811142820341263c5315"
},
- { "brainpoolP512r1", 512, 0, NULL,
+ { "brainpoolP512r1", 512, 0,
"0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330871"
"7d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3",
"0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc"
@@ -292,7 +277,7 @@ static const ecc_domain_parms_t domain_parms[] =
"b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892"
},
- { NULL, 0, 0, NULL, NULL, NULL, NULL, NULL }
+ { NULL, 0, 0, NULL, NULL, NULL, NULL }
};
@@ -471,12 +456,13 @@ gen_k (gcry_mpi_t p, int security_level)
}
-/* Generate the crypto system setup. As of now the fix NIST
- recommended values are used. The subgroup generator point is in
- another function: gen_big_point. */
+/* Generate the crypto system setup. This function takes the NAME of
+ a curve or the desired number of bits and stores at R_CURVE the
+ parameters of the named curve or those of a suitable curve. The
+ chosen number of bits is stored on R_NBITS. */
static gpg_err_code_t
-generate_curve (unsigned int nbits, const char *name,
- elliptic_curve_t *curve, unsigned int *r_nbits)
+fill_in_curve (unsigned int nbits, const char *name,
+ elliptic_curve_t *curve, unsigned int *r_nbits)
{
int idx, aliasno;
@@ -516,7 +502,6 @@ generate_curve (unsigned int nbits, const char *name,
if (fips_mode () && !domain_parms[idx].fips )
return GPG_ERR_NOT_SUPPORTED;
-
*r_nbits = domain_parms[idx].nbits;
curve->p = scanval (domain_parms[idx].p);
curve->a = scanval (domain_parms[idx].a);
@@ -525,10 +510,6 @@ generate_curve (unsigned int nbits, const char *name,
curve->G.x = scanval (domain_parms[idx].g_x);
curve->G.y = scanval (domain_parms[idx].g_y);
curve->G.z = mpi_alloc_set_ui (1);
- memset (curve->name_oid, 0, sizeof(curve->name_oid));
- if (domain_parms[idx].name_oid)
- memcpy (curve->name_oid,
- domain_parms[idx].name_oid, domain_parms[idx].name_oid[0]+1);
return 0;
}
@@ -551,24 +532,19 @@ generate_key (ECC_secret_key *sk, unsigned int nbits, const char *name,
mpi_ec_t ctx;
gcry_random_level_t random_level;
- err = generate_curve (nbits, name, &E, &nbits);
+ err = fill_in_curve (nbits, name, &E, &nbits);
if (err)
return err;
if (DBG_CIPHER)
{
- log_mpidump ("ecgen curve p", E.p);
- log_mpidump ("ecgen curve a", E.a);
- log_mpidump ("ecgen curve b", E.b);
- log_mpidump ("ecgen curve n", E.n);
- log_mpidump ("ecgen curve G.x", E.G.x);
- /* log_mpidump ("ecc generation Gy", E.G.y);
- log_mpidump ("ecc generation Gz", E.G.z); */
-
- log_printf ("ecgen curve OID: [%d] ...%02X %02X\n",
- E.name_oid[0],
- E.name_oid[0]>0 ? E.name_oid[E.name_oid[0]-1] : 0,
- E.name_oid[E.name_oid[0]]);
+ log_mpidump ("ecgen curve p", E.p);
+ log_mpidump ("ecgen curve a", E.a);
+ log_mpidump ("ecgen curve b", E.b);
+ log_mpidump ("ecgen curve n", E.n);
+ log_mpidump ("ecgen curve Gx", E.G.x);
+ log_mpidump ("ecgen curve Gy", E.G.y);
+ log_mpidump ("ecgen cyrve Gz", E.G.z);
}
random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM;
@@ -586,7 +562,6 @@ generate_key (ECC_secret_key *sk, unsigned int nbits, const char *name,
sk->E.p = mpi_copy (E.p);
sk->E.a = mpi_copy (E.a);
sk->E.b = mpi_copy (E.b);
- memcpy(sk->E.name_oid, E.name_oid, sizeof(E.name_oid));
point_init (&sk->E.G);
point_set (&sk->E.G, &E.G);
sk->E.n = mpi_copy (E.n);
@@ -611,7 +586,7 @@ generate_key (ECC_secret_key *sk, unsigned int nbits, const char *name,
mpi_free (d);
curve_free (&E);
- /* Now we can test our keys (this should never fail!). */
+ /* Now we can test our keys (this should never fail!). */
test_keys (sk, nbits - 64);
return 0;
@@ -657,7 +632,7 @@ test_keys (ECC_secret_key *sk, unsigned int nbits)
if (DBG_CIPHER)
log_debug ("ECDSA operation: sign, verify ok.\n");
- ecc_pk_free( &pk );
+ ecc_pk_free (&pk);
point_free (&R_);
mpi_free (s);
@@ -746,9 +721,7 @@ sign (gcry_mpi_t input, ECC_secret_key *skey, gcry_mpi_t r, gcry_mpi_t s)
mpi_ec_t ctx;
if (DBG_CIPHER)
- {
log_mpidump ("ecdsa sign hash ", input );
- }
k = NULL;
dr = mpi_alloc (0);
@@ -789,10 +762,10 @@ sign (gcry_mpi_t input, ECC_secret_key *skey, gcry_mpi_t r, gcry_mpi_t s)
}
if (DBG_CIPHER)
- {
- log_mpidump ("ecdsa return r ", r );
- log_mpidump ("ecdsa return s ", s );
- }
+ {
+ log_mpidump ("ecdsa sign result r ", r);
+ log_mpidump ("ecdsa sign result s ", s);
+ }
leave:
_gcry_mpi_ec_free (ctx);
@@ -904,56 +877,7 @@ verify (gcry_mpi_t input, ECC_public_key *pkey, gcry_mpi_t r, gcry_mpi_t s)
}
-/* Lookup named curve and fill in internal curve parameters. Returns
- GPG_ERR_NOT_FOUND for an unknown OID. */
-static int
-fill_in_curve (const byte name_oid[], elliptic_curve_t *curve)
-{
- int i;
- const ecc_domain_parms_t *p;
-
- if (!name_oid || !name_oid[0])
- {
- log_debug ("ecc OID is malformed\n");
- return GPG_ERR_INV_ARG;
- }
-
- for (i = 0; domain_parms[i].desc; i++)
- {
- p = domain_parms + i;
- if (!p->name_oid || p->name_oid[0] != name_oid[0])
- continue;
- if (!memcmp (p->name_oid, name_oid, name_oid[0]+1))
- break;
- }
-
- assert (p); /* FIXME: We need proper error handling. */
-
- if (!p->desc)
- {
- log_debug ("ecc OID is not recognized\n");
- return GPG_ERR_NOT_FOUND;
- }
-
- /* TODO: there is no reason why these values are encoded as ASCII
- v.s. binary. [wk] We might want to put the curve defintions into
- a table and use a tool to create them. This also solves the
- problem of manuallay encoding the OIDs. */
- curve->p = scanval (p->p);
- curve->a = scanval (p->a);
- curve->b = scanval (p->b);
- curve->n = scanval (p->n);
- curve->G.x = scanval (p->g_x);
- curve->G.y = scanval (p->g_y);
- curve->G.z = mpi_alloc_set_ui (1);
-
- if (DBG_CIPHER)
- log_debug ("ec filled in curve %s\n", p->desc);
-
- return 0;
-}
-
-
+�
/*********************************************
************** interface ******************
*********************************************/
@@ -996,23 +920,6 @@ ec2os (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t p)
}
-static gcry_mpi_t
-name_oid_to_mpi (const byte *name_oid)
-{
- gpg_error_t err;
- gcry_mpi_t result;
-
- if (!name_oid || !name_oid[0])
- return mpi_new (0);
-
- err = gcry_mpi_scan (&result, GCRYMPI_FMT_USG, name_oid, name_oid[0]+1, NULL);
- if (err)
- log_fatal ("mpi_scan failed: %s\n", gpg_strerror (err));
-
- return result;
-}
-
-
/* RESULT must have been initialized and is set on success to the
point given by VALUE. */
static gcry_error_t
@@ -1072,38 +979,6 @@ os2ec (mpi_point_t *result, gcry_mpi_t value)
}
-static gcry_err_code_t
-mpi_to_name_oid (gcry_mpi_t mpi_in, byte name_oid_out[MAX_ECC_OID_LEN])
-{
- size_t nbytes;
- unsigned char *buf;
- gcry_error_t err;
-
- memset (name_oid_out, 0, MAX_ECC_OID_LEN);
-
- nbytes = (mpi_get_nbits (mpi_in)+7)/8;
- if (!nbytes)
- return 0;
-
- buf = gcry_xmalloc (nbytes);
- err = gcry_mpi_print (GCRYMPI_FMT_USG, buf, nbytes, &nbytes, mpi_in);
- if (err)
- {
- gcry_free (buf);
- return err;
- }
- if (buf[0]+1 != nbytes || nbytes >= MAX_ECC_OID_LEN)
- {
- gcry_free (buf);
- return GPG_ERR_INV_OBJ;
- }
- memcpy (name_oid_out, buf, nbytes+1);
- gcry_free (buf);
-
- return 0;
-}
-
-
/* Extended version of ecc_generate. */
static gcry_err_code_t
ecc_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
@@ -1114,7 +989,6 @@ ecc_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
gpg_err_code_t ec;
ECC_secret_key sk;
gcry_mpi_t g_x, g_y, q_x, q_y;
- gcry_mpi_t kek_params = NULL;
char *curve_name = NULL;
gcry_sexp_t l1;
int transient_key = 0;
@@ -1142,24 +1016,6 @@ ecc_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
transient_key = 1;
gcry_sexp_release (l1);
}
-
- /* Parse the "KEK parameters" parameter. */
- l1 = gcry_sexp_find_token (genparms, "kek-params", 0);
- if (l1)
- {
- kek_params = gcry_sexp_nth_mpi (l1, 1, 0);
- gcry_sexp_release (l1);
- if (!kek_params)
- {
- log_debug( "ecgen failed to parse 'kek-params'\n" );
- return GPG_ERR_INV_OBJ; /* No value for kek-params. */
- }
- if (DBG_CIPHER)
- {
- log_debug ("ecgen 'kek-params' parameter supplied\n" );
- log_mpidump ("ecgen DH kek-param", kek_params);
- }
- }
}
/* NBITS is required if no curve name has been given. */
@@ -1175,25 +1031,19 @@ ecc_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
if (ec)
return ec;
- skey[0] = name_oid_to_mpi( sk.E.name_oid ); /* "c", name OID */
- /* if( (ec=fill_in_curve( sk.E.name_oid, &sk.E )) ) */
- /* return ec; */
- skey[1] = ec2os (q_x, q_y, sk.E.p); /* public key */
- /* "q", public key, the point */
+ skey[0] = sk.E.p;
+ skey[1] = sk.E.a;
+ skey[2] = sk.E.b;
+ skey[3] = ec2os (g_x, g_y, sk.E.p);
+ skey[4] = sk.E.n;
+ skey[5] = ec2os (q_x, q_y, sk.E.p);
+ skey[6] = sk.d;
+
+ mpi_free (g_x);
+ mpi_free (g_y);
mpi_free (q_x);
mpi_free (q_y);
- if (algo == GCRY_PK_ECDSA)
- {
- skey[2] = sk.d;
- }
- else
- {
- /* PARAMS, the last field in the public key portion. */
- skey[2] = (kek_params ? kek_params : mpi_new (0));
-
- skey[3] = sk.d;
- }
point_free (&sk.E.G);
point_free (&sk.Q);
@@ -1204,19 +1054,13 @@ ecc_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
if (DBG_CIPHER)
{
- if (algo == GCRY_PK_ECDSA)
- {
- log_mpidump ("ecgen DSA c ", skey[0]);
- log_mpidump ("ecgen DSA Q ", skey[1]);
- log_mpidump ("ecgen DSA d ", skey[2]);
- }
- else
- {
- log_mpidump ("ecgen DH c ", skey[0]);
- log_mpidump ("ecgen DH Q ", skey[1]);
- log_mpidump ("ecgen DH p ", skey[2]);
- log_mpidump ("ecgen DH d ", skey[3]);
- }
+ log_mpidump ("ecgen result p", skey[0]);
+ log_mpidump ("ecgen result a", skey[1]);
+ log_mpidump ("ecgen result b", skey[2]);
+ log_mpidump ("ecgen result G", skey[3]);
+ log_mpidump ("ecgen result n", skey[4]);
+ log_mpidump ("ecgen result Q", skey[5]);
+ log_mpidump ("ecgen result d", skey[6]);
}
return 0;
@@ -1242,7 +1086,7 @@ ecc_get_param (const char *name, gcry_mpi_t *pkey)
mpi_ec_t ctx;
gcry_mpi_t g_x, g_y;
- err = generate_curve (0, name, &E, &nbits);
+ err = fill_in_curve (0, name, &E, &nbits);
if (err)
return err;
@@ -1261,6 +1105,9 @@ ecc_get_param (const char *name, gcry_mpi_t *pkey)
pkey[4] = E.n;
pkey[5] = NULL;
+ mpi_free (g_x);
+ mpi_free (g_y);
+
return 0;
}
@@ -1273,15 +1120,24 @@ ecc_check_secret_key (int algo, gcry_mpi_t *skey)
(void)algo;
- if (!skey[0] || !skey[1] || !skey[2] )
+ /* FIXME: This check looks a bit fishy: Now long is the array? */
+ if (!skey[0] || !skey[1] || !skey[2] || !skey[3] || !skey[4] || !skey[5]
+ || !skey[6])
return GPG_ERR_BAD_MPI;
- if( (err=mpi_to_name_oid( skey[0], sk.E.name_oid )) )
- return err;
- if( (err=fill_in_curve( sk.E.name_oid, &sk.E )) )
- return err;
+ sk.E.p = skey[0];
+ sk.E.a = skey[1];
+ sk.E.b = skey[2];
+ point_init (&sk.E.G);
+ err = os2ec (&sk.E.G, skey[3]);
+ if (err)
+ {
+ point_free (&sk.E.G);
+ return err;
+ }
+ sk.E.n = skey[4];
point_init (&sk.Q);
- err = os2ec (&sk.Q, skey[1]);
+ err = os2ec (&sk.Q, skey[5]);
if (err)
{
point_free (&sk.E.G);
@@ -1289,7 +1145,7 @@ ecc_check_secret_key (int algo, gcry_mpi_t *skey)
return err;
}
- sk.d = skey[2];
+ sk.d = skey[6];
if (check_secret_key (&sk))
{
@@ -1311,22 +1167,30 @@ ecc_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
(void)algo;
- if (!data || !skey[0] || !skey[1] || !skey[2] )
+ if (!data || !skey[0] || !skey[1] || !skey[2] || !skey[3] || !skey[4]
+ || !skey[5] || !skey[6] )
return GPG_ERR_BAD_MPI;
- if( (err=mpi_to_name_oid( skey[0], sk.E.name_oid )) )
- return err;
- if( (err=fill_in_curve( sk.E.name_oid, &sk.E )) )
- return err;
+ sk.E.p = skey[0];
+ sk.E.a = skey[1];
+ sk.E.b = skey[2];
+ point_init (&sk.E.G);
+ err = os2ec (&sk.E.G, skey[3]);
+ if (err)
+ {
+ point_free (&sk.E.G);
+ return err;
+ }
+ sk.E.n = skey[4];
point_init (&sk.Q);
- err = os2ec (&sk.Q, skey[1]);
+ err = os2ec (&sk.Q, skey[5]);
if (err)
{
point_free (&sk.E.G);
point_free (&sk.Q);
return err;
}
- sk.d = gcry_mpi_copy( skey[2] );
+ sk.d = skey[6];
resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.E.p));
resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.E.p));
@@ -1337,7 +1201,8 @@ ecc_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
mpi_free (resarr[1]);
resarr[0] = NULL; /* Mark array as released. */
}
- ecc_sk_free( &sk );
+ point_free (&sk.E.G);
+ point_free (&sk.Q);
return err;
}
@@ -1353,35 +1218,40 @@ ecc_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
(void)cmp;
(void)opaquev;
- if (!data[0] || !data[1] || !hash || !pkey[0] || !pkey[1] )
+ if (!data[0] || !data[1] || !hash || !pkey[0] || !pkey[1] || !pkey[2]
+ || !pkey[3] || !pkey[4] || !pkey[5] )
return GPG_ERR_BAD_MPI;
- if( (err=mpi_to_name_oid( pkey[0], pk.E.name_oid )) )
- return err;
- if( (err=fill_in_curve( pk.E.name_oid, &pk.E )) )
- return err;
+ pk.E.p = pkey[0];
+ pk.E.a = pkey[1];
+ pk.E.b = pkey[2];
+ point_init (&pk.E.G);
+ err = os2ec (&pk.E.G, pkey[3]);
+ if (err)
+ {
+ point_free (&pk.E.G);
+ return err;
+ }
+ pk.E.n = pkey[4];
point_init (&pk.Q);
- err = os2ec (&pk.Q, pkey[1]);
+ err = os2ec (&pk.Q, pkey[5]);
if (err)
{
- ecc_pk_free( &pk );
+ point_free (&pk.E.G);
+ point_free (&pk.Q);
return err;
}
err = verify (hash, &pk, data[0], data[1]);
- ecc_pk_free( &pk );
+ point_free (&pk.E.G);
+ point_free (&pk.Q);
return err;
}
/* ecdh raw is classic 2-round DH protocol published in 1976.
*
- * Some overloading is needed to fit it to encrypt/decrypt PK
- * interface of libgcrypt. The only need for this complexity is that
- * some designs of client of libgcrypt don't allow to get the private
- * components of public keys.
- *
* Overview of ecc_encrypt_raw and ecc_decrypt_raw.
*
* As with any PK operation, encrypt version uses a public key and
@@ -1389,32 +1259,30 @@ ecc_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
*
* Symbols used below:
* G - field generator point
- * x - private long-term scalar
- * xG - public long-term key
+ * d - private long-term scalar
+ * dG - public long-term key
* k - ephemeral scalar
* kG - ephemeral public key
- * xkG - shared secret
+ * dkG - shared secret
*
* ecc_encrypt_raw description:
* input:
* data[0] : private scalar (k)
* output:
- * resaddr[0] : shared point (k*x*G, where x is the secret scalar of pkey;
- * it's the shared secret)
- * resaddr[1] : generated ephemeral public key (kG)
+ * result[0] : shared point (kdG)
+ * result[1] : generated ephemeral public key (kG)
*
* ecc_decrypt_raw description:
* input:
* data[0] : a point kG (ephemeral public key)
* output:
- * result[0] : shared point (k*x*G, where x is the secret scalar of pkey;
- * it's the shared secret)
+ * result[0] : shared point (kdG)
*/
static gcry_err_code_t
-ecc_encrypt_raw (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
+ecc_encrypt_raw (int algo, gcry_mpi_t *resarr, gcry_mpi_t k,
gcry_mpi_t *pkey, int flags)
{
- ECC_secret_key sk;
+ ECC_public_key pk;
mpi_ec_t ctx;
gcry_mpi_t result[2];
int err;
@@ -1422,36 +1290,31 @@ ecc_encrypt_raw (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
(void)algo;
(void)flags;
- if (DBG_CIPHER)
- log_debug ("Called ecc_encrypt_raw data size=%d bits, flags=%08x\n",
- gcry_mpi_get_nbits (data), flags);
-
- if ( !data || !pkey[0] || !pkey[1] )
+ if (!k
+ || !pkey[0] || !pkey[1] || !pkey[2] || !pkey[3] || !pkey[4] || !pkey[5])
return GPG_ERR_BAD_MPI;
- if (DBG_CIPHER)
+ pk.E.p = pkey[0];
+ pk.E.a = pkey[1];
+ pk.E.b = pkey[2];
+ point_init (&pk.E.G);
+ err = os2ec (&pk.E.G, pkey[3]);
+ if (err)
{
- log_mpidump ("ecdh encrypt PK c ", pkey[0]);
- log_mpidump ("ecdh encrypt PK q ", pkey[1]);
- log_mpidump ("ecdh encrypt PK p ", pkey[2]);
- log_mpidump ("ecdh encrypt data k", data);
+ point_free (&pk.E.G);
+ return err;
}
-
- if ((err=mpi_to_name_oid( pkey[0], sk.E.name_oid )))
- return err;
- if ((err=fill_in_curve( sk.E.name_oid, &sk.E )))
- return err;
-
- point_init (&sk.Q);
- err = os2ec (&sk.Q, pkey[1]);
- sk.d = gcry_mpi_copy( data );
+ pk.E.n = pkey[4];
+ point_init (&pk.Q);
+ err = os2ec (&pk.Q, pkey[5]);
if (err)
{
- ecc_sk_free( &sk );
+ point_free (&pk.E.G);
+ point_free (&pk.Q);
return err;
}
- ctx = _gcry_mpi_ec_init (sk.E.p, sk.E.a);
+ ctx = _gcry_mpi_ec_init (pk.E.p, pk.E.a);
/* The following is false: assert( mpi_cmp_ui( R.x, 1 )==0 );, so */
{
@@ -1463,19 +1326,21 @@ ecc_encrypt_raw (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
point_init (&R);
- _gcry_mpi_ec_mul_point (&R, sk.d, &sk.Q, ctx);
+ /* R = kQ <=> R = kdG */
+ _gcry_mpi_ec_mul_point (&R, k, &pk.Q, ctx);
if (_gcry_mpi_ec_get_affine (x, y, &R, ctx))
- log_fatal ("ecdh: Failed to get affine coordinates for xkG\n");
+ log_fatal ("ecdh: Failed to get affine coordinates for kdG\n");
- result[0] = ec2os (x, y, sk.E.p); /* xkG */
+ result[0] = ec2os (x, y, pk.E.p);
- _gcry_mpi_ec_mul_point (&R, sk.d, &sk.E.G, ctx);
+ /* R = kG */
+ _gcry_mpi_ec_mul_point (&R, k, &pk.E.G, ctx);
if (_gcry_mpi_ec_get_affine (x, y, &R, ctx))
log_fatal ("ecdh: Failed to get affine coordinates for kG\n");
- result[1] = ec2os (x, y, sk.E.p); /* kG */
+ result[1] = ec2os (x, y, pk.E.p);
mpi_free (x);
mpi_free (y);
@@ -1484,7 +1349,7 @@ ecc_encrypt_raw (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
}
_gcry_mpi_ec_free (ctx);
- ecc_sk_free (&sk);
+ ecc_pk_free (&pk);
if (!result[0] || !result[1])
{
@@ -1494,10 +1359,6 @@ ecc_encrypt_raw (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
}
/* Success. */
-
- /* None of 2 returned values are used as is; they are further
- * processed at OpenPGP layer. However, they match the number of
- * MPIs (2) needed to encrypt a message in OpenPGP format. */
resarr[0] = result[0];
resarr[1] = result[1];
@@ -1507,7 +1368,7 @@ ecc_encrypt_raw (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
/* input:
* data[0] : a point kG (ephemeral public key)
* output:
- * resaddr[0] : shared point k*x*G
+ * resaddr[0] : shared point kdG
*
* see ecc_encrypt_raw for details.
*/
@@ -1517,6 +1378,7 @@ ecc_decrypt_raw (int algo, gcry_mpi_t *result, gcry_mpi_t *data,
{
ECC_secret_key sk;
mpi_point_t R; /* Result that we return. */
+ mpi_point_t kG;
mpi_ec_t ctx;
gcry_mpi_t r;
int err;
@@ -1526,39 +1388,50 @@ ecc_decrypt_raw (int algo, gcry_mpi_t *result, gcry_mpi_t *data,
*result = NULL;
- if (DBG_CIPHER)
- log_debug ("Called ecc_encrypt_raw data size=%d bits, flags=%08x\n",
- gcry_mpi_get_nbits (data[0]), flags);
-
- if (!data || !data[0] || !skey[0] || !skey[1] || !skey[3])
+ if (!data || !data[0]
+ || !skey[0] || !skey[1] || !skey[2] || !skey[3] || !skey[4]
+ || !skey[5] || !skey[6] )
return GPG_ERR_BAD_MPI;
- if (DBG_CIPHER)
+ point_init (&kG);
+ err = os2ec (&kG, data[0]);
+ if (err)
{
- log_mpidump ("ecdh decrypt SK c ", skey[0]);
- log_mpidump ("ecdh decrypt SK q ", skey[1]);
- log_mpidump ("ecdh decrypt SK p ", skey[2]);
- log_mpidump ("ecdh decrypt data kG", data[0]);
+ point_free (&kG);
+ return err;
}
- if ((err=mpi_to_name_oid( skey[0], sk.E.name_oid )))
- return err;
- if ((err=fill_in_curve( sk.E.name_oid, &sk.E )))
- return err;
+ sk.E.p = skey[0];
+ sk.E.a = skey[1];
+ sk.E.b = skey[2];
+ point_init (&sk.E.G);
+ err = os2ec (&sk.E.G, skey[3]);
+ if (err)
+ {
+ point_free (&kG);
+ point_free (&sk.E.G);
+ return err;
+ }
+ sk.E.n = skey[4];
point_init (&sk.Q);
- err = os2ec (&sk.Q, data[0]);
- sk.d = gcry_mpi_copy (skey[3]);
+ err = os2ec (&sk.Q, skey[5]);
if (err)
{
- ecc_sk_free (&sk);
+ point_free (&kG);
+ point_free (&sk.E.G);
+ point_free (&sk.Q);
return err;
}
+ sk.d = skey[6];
ctx = _gcry_mpi_ec_init (sk.E.p, sk.E.a);
+ /* R = dkG */
point_init (&R);
- _gcry_mpi_ec_mul_point (&R, sk.d, &sk.Q, ctx);
+ _gcry_mpi_ec_mul_point (&R, sk.d, &kG, ctx);
+
+ point_free (&kG);
/* The following is false: assert( mpi_cmp_ui( R.x, 1 )==0 );, so: */
{
@@ -1594,8 +1467,8 @@ static unsigned int
ecc_get_nbits (int algo, gcry_mpi_t *pkey)
{
(void)algo;
- /* Derive it from public key point Q, which is 1 byte + x + y . */
- return (mpi_get_nbits (pkey[1]) / (8*2)) * 8;
+
+ return mpi_get_nbits (pkey[0]);
}
@@ -1759,20 +1632,20 @@ run_selftests (int algo, int extended, selftest_report_func_t report)
static const char *ecdsa_names[] =
{
"ecdsa",
- "ecdh",
- "ecc", /* Only here, for the minimum number of public parameters (= 2) */
+ "ecc",
NULL,
};
static const char *ecdh_names[] =
{
"ecdh",
+ "ecc",
NULL,
};
gcry_pk_spec_t _gcry_pubkey_spec_ecdsa =
{
"ECDSA", ecdsa_names,
- "cq", "cqd", "", "rs", "cq",
+ "pabgnq", "pabgnqd", "", "rs", "pabgnq",
GCRY_PK_USAGE_SIGN,
ecc_generate,
ecc_check_secret_key,
@@ -1786,7 +1659,7 @@ gcry_pk_spec_t _gcry_pubkey_spec_ecdsa =
gcry_pk_spec_t _gcry_pubkey_spec_ecdh =
{
"ECDH", ecdh_names,
- "cqp", "cqpd", "ab", "", "cqp",
+ "pabgnq", "pabgnqd", "", "rs", "pabgnq",
GCRY_PK_USAGE_ENCR,
ecc_generate,
ecc_check_secret_key,
commit 55563efccdafc8fb470cab0cae6d186147cc09b6
Merge: 2089236 f4786ac
Author: Werner Koch <wk at gnupg.org>
Date: Thu Jan 27 06:51:04 2011 +0100
Merge commit 'f4786ac' into ECC-INTEGRATION-1-5
commit f4786ac5fe01ba111eee27d1a1e9f3d40a9fac02
Author: Werner Koch <wk at gnupg.org>
Date: Thu Jan 27 06:47:06 2011 +0100
Extend ignore file for non-vpath builds
diff --git a/.gitignore b/.gitignore
index 05033b3..ec7f8bb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,83 @@
+*.lo
+*.o
+.deps/
+.libs/
+po/*.gmo
+po/messages.mo
/aclocal.m4
/autom4te.cache
/config.h.in
+/config.h
+/config.log
+/config.status
/configure
-Makefile.in
+/libtool
+/stamp-h1
+/Makefile.in
+cipher/Makefile.in
+compat/Makefile.in
+doc/Makefile.in
+m4/Makefile.in
+mpi/Makefile.in
+random/Makefile.in
+src/Makefile.in
+tests/Makefile.in
+/Makefile
+m4/Makefile
+cipher/Makefile
+cipher/libcipher.la
+compat/Makefile
+compat/libcompat.la
doc/gcrypt.info
doc/stamp-vti
doc/version.texi
+doc/Makefile
+doc/fips-fsm.eps
+doc/fips-fsm.pdf
+doc/fips-fsm.png
+doc/libgcrypt-modules.eps
+doc/libgcrypt-modules.pdf
+doc/libgcrypt-modules.png
+mpi/Makefile
+mpi/asm-syntax.h
+mpi/libmpi.la
+mpi/mod-source-info.h
+mpi/mpi-asm-defs.h
+mpi/mpih-add1-asm.S
+mpi/mpih-lshift-asm.S
+mpi/mpih-mul1-asm.S
+mpi/mpih-mul2-asm.S
+mpi/mpih-mul3-asm.S
+mpi/mpih-rshift-asm.S
+mpi/mpih-sub1-asm.S
+mpi/sysdep.h
+random/Makefile
+random/librandom.la
+src/Makefile
+src/dumpsexp
+src/gcrypt.h
+src/hmac256
+src/libgcrypt-config
+src/libgcrypt.la
+src/versioninfo.rc
+tests/Makefile
+tests/ac
+tests/ac-data
+tests/ac-schemes
+tests/aeswrap
+tests/basic
+tests/benchmark
+tests/fips186-dsa
+tests/fipsdrv
+tests/hmac
+tests/keygen
+tests/keygrip
+tests/mpitests
+tests/prime
+tests/pubkey
+tests/random
+tests/register
+tests/rsacvt
+tests/t-mpi-bit
+tests/tsexp
+tests/version
commit 2089236f5713118e8adbaf8482730e3f2c556c1a
Author: Werner Koch <wk at gnupg.org>
Date: Wed Jan 26 19:26:38 2011 +0100
Begin of changing the ECDH API.
diff --git a/cipher/ChangeLog b/cipher/ChangeLog
index 1b3694f..f38c818 100644
--- a/cipher/ChangeLog
+++ b/cipher/ChangeLog
@@ -1,3 +1,10 @@
+2011-01-26 Werner Koch <wk at g10code.com>
+
+ * pubkey.c (sexp_to_key): Revert to pre-ECDH integration state.
+ Allow for ecdh.
+ * ecc.c (ecc_get_param): Revert to pre-ECDH integration state.
+ (compute_keygrip): Revert to 6 parameter version.
+
2010-08-19 Werner Koch <wk at g10code.com>
* cipher.c (gcry_cipher_open): Remove double release of the module.
@@ -3979,7 +3986,7 @@ Mon Feb 16 10:08:47 1998 Werner Koch (wk at isil.d.shuttle.de)
Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006
- 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+ 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
diff --git a/cipher/ecc.c b/cipher/ecc.c
index aa0cd6a..9ec4bb6 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -1137,16 +1137,11 @@ ecc_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
/* Parse the optional transient-key flag. */
l1 = gcry_sexp_find_token (genparms, "transient-key", 0);
- if( l1 ) {
- const char *s;
- s = _gcry_sexp_nth_string (l1, 1);
- if( s && strcmp( s, "1" )==0 )
- transient_key = 1;
- gcry_sexp_release (l1);
- if (DBG_CIPHER)
- log_debug ("ecgen 'transient-key' parameter supplied, value=%d\n",
- transient_key);
- }
+ if (l1)
+ {
+ transient_key = 1;
+ gcry_sexp_release (l1);
+ }
/* Parse the "KEK parameters" parameter. */
l1 = gcry_sexp_find_token (genparms, "kek-params", 0);
@@ -1154,14 +1149,16 @@ ecc_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
{
kek_params = gcry_sexp_nth_mpi (l1, 1, 0);
gcry_sexp_release (l1);
- if (!kek_params) {
- log_debug( "ecgen failed to parse 'kek-params'\n" );
- return GPG_ERR_INV_OBJ; /* No curve name or value too large. */
- }
- if (DBG_CIPHER) {
- log_debug( "ecgen 'kek-params' parameter supplied\n" );
- log_mpidump ("ecgen DH kek-param", kek_params);
- }
+ if (!kek_params)
+ {
+ log_debug( "ecgen failed to parse 'kek-params'\n" );
+ return GPG_ERR_INV_OBJ; /* No value for kek-params. */
+ }
+ if (DBG_CIPHER)
+ {
+ log_debug ("ecgen 'kek-params' parameter supplied\n" );
+ log_mpidump ("ecgen DH kek-param", kek_params);
+ }
}
}
@@ -1235,14 +1232,6 @@ ecc_generate (int algo, unsigned int nbits, unsigned long evalue,
}
-#if 0
-/* Need to be implemented, if called neeeded. The issue is that the
- * purpose of this function is to return the information about the
- * curve that is beyond the information present in the public key. In
- * particular, the pkey size is now just 2, while we may need to
- * return E.a, E.b, E.p, E.n, E.g, type of the curve, at the minimum.
- * This information is readily available for well-known named curves.
- */
/* Return the parameters of the curve NAME. */
static gcry_err_code_t
ecc_get_param (const char *name, gcry_mpi_t *pkey)
@@ -1265,17 +1254,15 @@ ecc_get_param (const char *name, gcry_mpi_t *pkey)
_gcry_mpi_ec_free (ctx);
point_free (&E.G);
- pkey[0] = name_oid_to_mpi( E.name_oid );
- pkey[1] = E.p;
- pkey[2] = E.a;
- pkey[3] = E.b;
- pkey[4] = ec2os (g_x, g_y, E.p);
- pkey[5] = E.n;
- pkey[6] = NULL;
+ pkey[0] = E.p;
+ pkey[1] = E.a;
+ pkey[2] = E.b;
+ pkey[3] = ec2os (g_x, g_y, E.p);
+ pkey[4] = E.n;
+ pkey[5] = NULL;
return 0;
}
-#endif
static gcry_err_code_t
@@ -1616,19 +1603,19 @@ ecc_get_nbits (int algo, gcry_mpi_t *pkey)
static gpg_err_code_t
compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparam)
{
-#define N_ECC_PUBKEY_COMPONENETS 2
- static const char names[] = "cq";
+#define N_COMPONENTS 6
+ static const char names[N_COMPONENTS+1] = "pabgnq";
gpg_err_code_t ec = 0;
gcry_sexp_t l1;
- gcry_mpi_t values[N_ECC_PUBKEY_COMPONENETS];
+ gcry_mpi_t values[N_COMPONENTS];
int idx;
/* Clear the values for easier error cleanup. */
- for (idx=0; idx < sizeof(values)/sizeof(values[0]); idx++)
+ for (idx=0; idx < N_COMPONENTS; idx++)
values[idx] = NULL;
- /* Fill values with all available parameters. */
- for (idx=0; idx < sizeof(values)/sizeof(values[0]); idx++)
+ /* Fill values with all provided parameters. */
+ for (idx=0; idx < N_COMPONENTS; idx++)
{
l1 = gcry_sexp_find_token (keyparam, names+idx, 1);
if (l1)
@@ -1643,18 +1630,15 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparam)
}
}
-#if 0
- /* Not used now: curve name (DER OID of the name, actually) is
- always hashed above. */
/* Check whether a curve parameter is available and use that to fill
in missing values. */
l1 = gcry_sexp_find_token (keyparam, "curve", 5);
if (l1)
{
char *curve;
- gcry_mpi_t tmpvalues[N_ECC_PUBKEY_COMPONENETS];
+ gcry_mpi_t tmpvalues[N_COMPONENTS];
- for (idx = 0; idx < sizeof(tmpvalues)/sizeof(tmpvalues[0]); idx++)
+ for (idx = 0; idx < N_COMPONENTS; idx++)
tmpvalues[idx] = NULL;
curve = _gcry_sexp_nth_string (l1, 1);
@@ -1668,7 +1652,7 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparam)
if (ec)
goto leave;
- for (idx = 0; idx < sizeof(values)/sizeof(values[0]); idx++)
+ for (idx = 0; idx < N_COMPONENTS; idx++)
{
if (!values[idx])
values[idx] = tmpvalues[idx];
@@ -1676,12 +1660,11 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparam)
mpi_free (tmpvalues[idx]);
}
}
-#endif
/* Check that all parameters are known and normalize all MPIs (that
should not be required but we use an internal function later and
thus we better make 100% sure that they are normalized). */
- for (idx = 0; idx < sizeof(values)/sizeof(values[0]); idx++)
+ for (idx = 0; idx < N_COMPONENTS; idx++)
if (!values[idx])
{
ec = GPG_ERR_NO_OBJ;
@@ -1691,7 +1674,7 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparam)
_gcry_mpi_normalize (values[idx]);
/* Hash them all. */
- for (idx = 0; idx < sizeof(values)/sizeof(values[0]); idx++)
+ for (idx = 0; idx < N_COMPONENTS; idx++)
{
char buf[30];
unsigned char *rawmpi;
@@ -1711,11 +1694,11 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparam)
}
leave:
- for (idx = 0; idx < sizeof(values)/sizeof(values[0]); idx++)
+ for (idx = 0; idx < N_COMPONENTS; idx++)
_gcry_mpi_release (values[idx]);
return ec;
-#undef N_ECC_PUBKEY_COMPONENETS
+#undef N_COMPONENTS
}
@@ -1820,5 +1803,5 @@ pk_extra_spec_t _gcry_pubkey_extraspec_ecdsa =
run_selftests,
ecc_generate_ext,
compute_keygrip,
- NULL /* ecc_get_param */
+ ecc_get_param
};
diff --git a/cipher/pubkey.c b/cipher/pubkey.c
index 64ae1a0..2861d29 100644
--- a/cipher/pubkey.c
+++ b/cipher/pubkey.c
@@ -950,6 +950,7 @@ sexp_elements_extract_ecc (gcry_sexp_t key_sexp, const char *element_names,
* openpgp-elg
* openpgp-elg-sig
* ecdsa
+ * ecdh
* Provide a SE with the first element be either "private-key" or
* or "public-key". It is followed by a list with its first element
* be one of the above algorithm identifiers and the remaning
@@ -983,7 +984,7 @@ sexp_to_key (gcry_sexp_t sexp, int want_private, gcry_mpi_t **retarray,
gcry_module_t module;
gcry_pk_spec_t *pubkey;
pk_extra_spec_t *extraspec;
- /* FIXME: Why has this been removed? int is_ecc; *
+ int is_ecc;
/* Check that the first element is valid. */
list = gcry_sexp_find_token (sexp,
@@ -1011,7 +1012,9 @@ sexp_to_key (gcry_sexp_t sexp, int want_private, gcry_mpi_t **retarray,
with a key is compatible with an application of the key (signing,
encryption). For RSA this is easy, but ECC is the first
algorithm which has many flavours. */
- /* is_ecc = ( !strcmp (name, "ecdsa") || !strcmp (name, "ecc") ); */
+ is_ecc = ( !strcmp (name, "ecdsa")
+ || !strcmp (name, "ecdh")
+ || !strcmp (name, "ecc") );
gcry_free (name);
if (!module)
@@ -1031,10 +1034,9 @@ sexp_to_key (gcry_sexp_t sexp, int want_private, gcry_mpi_t **retarray,
err = gpg_err_code_from_errno (errno);
if (!err)
{
- /* FIXME: Removing this ECC case changes the ABI; we can't do it. */
- /* if (is_ecc) */
- /* err = sexp_elements_extract_ecc (list, elems, array, extraspec); */
- /* else */
+ if (is_ecc)
+ err = sexp_elements_extract_ecc (list, elems, array, extraspec);
+ else
err = sexp_elements_extract (list, elems, array, pubkey->name);
}
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 83 ++++++++
NEWS | 2 +
cipher/ChangeLog | 49 +++++-
cipher/ecc.c | 618 +++++++++++++++++++++---------------------------------
cipher/pubkey.c | 41 +++--
src/ChangeLog | 4 +
src/sexp.c | 90 ++++++---
7 files changed, 465 insertions(+), 422 deletions(-)
create mode 100644 .gitignore
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
More information about the Gnupg-commits
mailing list